Master boolean index:

Module: unconfined

Layer: system

daemon_access_unconfined_home (Default: true)

Enabling this allows some daemons to access unconfined_home_dir_t and unconfined_home_t as if they were regular home directories. This does reduce the protection...

Global
secure_mode (Default: false)

Enabling secure mode disallows programs, such as newrole, from transitioning to administrative user domains.

Global
secure_mode_insmod (Default: false)

Disable transitions to insmod.

Global
secure_mode_policyload (Default: false)

boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Set this to true and you have to reboot to set it back